Fake websites cost consumers billions of dollars annually. The Anti-Phishing Working Group identifies an average of 100,000 unique phishing websites per month, and that number does not include fake e-commerce stores, counterfeit brand sites, and scam service providers. Whether you are about to enter payment information, create an account, or download software, these 8 steps will help you determine if the website is legitimate.
Step 1: Check the URL Carefully
The URL is the first and most important thing to verify. Scam websites use domains that resemble real ones:
- amazon-deals-today.com is not Amazon (real: amazon.com)
- paypal.com.secure-login.net: the real domain is secure-login.net, not paypal.com
- go0gle.com uses a zero instead of the letter O
Focus on the root domain: the part directly before .com, .org, .net, etc. Everything before the root domain (subdomains) can be set to anything. login.chase.com is a subdomain of chase.com (legitimate). chase.com.login-verify.net is a subdomain of login-verify.net (fake).
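The root-domain rule above can be checked mechanically. The following is an added example, not code from this site's checker: the suffix set, the brand table, and the digit-swap table are small constructed assumptions, and a real tool should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed suffix set; real code should load the full
# Public Suffix List instead.
SUFFIXES = {"com", "org", "net", "co.uk"}
# Assumption: brands the reader cares about and their real root domains.
KNOWN = {"amazon": "amazon.com", "paypal": "paypal.com",
         "google": "google.com", "chase": "chase.com"}
# Constructed subset of digit-for-letter swaps (0->o, 1->l, 3->e, 5->s).
LOOKALIKES = str.maketrans("0135", "oles")


def hostname(url):
    """Lower-cased host of a URL, with or without a scheme."""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")


def root_domain(url):
    """Root domain: the label directly before the public suffix, plus the suffix."""
    labels = hostname(url).split(".")
    for n in (2, 1):  # longest suffix first, so "co.uk" is tried before "uk"
        if len(labels) > n and ".".join(labels[-n:]) in SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def check(url):
    """Return (brand, reason) findings; an empty list means no red flag here."""
    host, root = hostname(url), root_domain(url)
    if root in KNOWN.values():
        return []  # the root domain itself belongs to a known brand
    name = root.split(".")[0]
    subdomains = host[: len(host) - len(root)]
    findings = []
    for brand in KNOWN:
        if brand in subdomains:
            findings.append((brand, "brand appears only in the subdomain"))
        elif name != brand and name.translate(LOOKALIKES) == brand:
            findings.append((brand, "lookalike characters in the root domain"))
        elif brand in name.split("-"):
            findings.append((brand, "brand name on a different root domain"))
    return findings


if __name__ == "__main__":
    for u in ["https://login.chase.com/", "chase.com.login-verify.net",
              "paypal.com.secure-login.net", "amazon-deals-today.com", "go0gle.com"]:
        print(f"{u:32} root={root_domain(u):24} {check(u)}")
```

An empty result only means none of these three patterns matched; it is not proof that the site is legitimate.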
Step 2: Look for HTTPS
Check for the padlock icon and "https://" in the address bar. HTTPS means the connection is encrypted, which protects data in transit. However, HTTPS alone does not mean the site is legitimate — scammers can get free SSL certificates. Think of HTTPS as a minimum requirement, not a guarantee of trust.
Step 3: Check the Domain Age
Legitimate businesses have domains that have been registered for years. A domain registered last week that claims to be a major retailer is almost certainly fake. You can check domain age at IsThisAScam.to — paste the URL and the tool will check WHOIS data, domain age, and registration details.
Step 4: Read the Contact Information
Legitimate websites provide verifiable contact information:
- A physical address (search it on Google Maps — does it exist?)
- A phone number (call it — does someone answer professionally?)
- A real email address on the company's domain (not a Gmail or Yahoo address)
Missing or fake contact information is a strong red flag. Many scam websites either have no contact page or list addresses that turn out to be random locations or PO boxes in different countries.
Step 5: Check for a Privacy Policy and Terms of Service
Legitimate businesses are legally required to have a privacy policy. Its absence is a red flag. If a privacy policy exists, check whether it is generic boilerplate that does not even mention the website's name — scammers often copy privacy policies from other sites without editing them.
Step 6: Search for Reviews
Search for "[website name] reviews" and "[website name] scam" on Google. Check Trustpilot, BBB, and Reddit. Key things to watch for:
- No reviews at all for a site that claims to have been operating for years
- Only 5-star reviews posted within a short timeframe (likely fake)
- Multiple complaints about products never arriving or being different from what was advertised
Step 7: Evaluate the Design and Content
While not conclusive on its own, poor website quality can indicate a scam:
- Blurry or stolen product images (right-click and search by image)
- Prices that are 70-90% below retail (if it seems too good to be true, it is)
- Grammatical errors throughout the site, especially in legal pages
- Generic stock photos for "team" or "about" pages
- Countdown timers creating artificial urgency ("Sale ends in 2 hours!")
Step 8: Use a Website Safety Checker
Paste the URL into IsThisAScam.to for a comprehensive safety check that includes:
- URL reputation across Google Web Risk and VirusTotal
- Domain age and WHOIS registration data
- SSL certificate validity
- Known scam pattern matching
This automated check takes seconds and catches red flags that manual inspection might miss.
Special Considerations for Online Shopping
When buying from an unfamiliar online store:
- Use a credit card, not a debit card — credit cards offer stronger fraud protection.
- Check for return and refund policies. Legitimate stores have clear return policies.
- Start with a small purchase to test the store before making a large order.
- Avoid stores that only accept wire transfer, cryptocurrency, or gift cards as payment.
In seconds, a legitimacy check can prevent a loss of hundreds or thousands of dollars. Make it a habit: before entering any information on an unfamiliar website, paste the URL into IsThisAScam.to first.